Sudo and passwords configuration

From Elvanör's Technical Wiki
Revision as of 15:20, 29 March 2008 by Elvanor

Concepts

  • With sudo you can specify which users may run which commands on a given host, and as a given user. You can configure sudo so that it does, or does not, prompt for a password.

Main configuration file

  • The configuration is done via /etc/sudoers.
  • A single line looks like:
elvanor ALL = (tomcat) NOPASSWD: /usr/bin/gimp-console, /usr/bin/convert

This means that the user elvanor may run, as the user tomcat, the commands gimp-console and convert on any host (the first ALL represents the hosts). He won't be asked for a password.

Environment variables

  • Normally, sudo gives the processes it creates a clean environment (e.g., no environment variables from the parent shell). However, this behavior can be modified via some flags (env_reset, env_keep, etc.). env_keep is especially interesting, as it allows a specified environment variable to be passed to the process sudo creates.
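
As an added example (not part of the original wiki page), here is a small Python auditor for a simplified subset of the sudoers syntax described above: it parses user specification lines and env_keep settings, then lists password-less rules and kept variables worth reviewing. The Defaults lines, the whoami rule, the REVIEW_VARS watch-list and all function names are assumptions made for illustration.

```python
import re

# Simplified subset of the sudoers grammar: "user hosts = (runas) TAGS: cmd, cmd"
# and Defaults env_keep += "VAR ...". Aliases and line continuations are ignored.
SPEC = re.compile(
    r'^(?P<user>\S+)\s+(?P<hosts>[^=]+?)\s*=\s*'
    r'(?:\((?P<runas>[^)]*)\)\s*)?'
    r'(?P<tags>(?:[A-Z_]+:\s*)*)(?P<cmds>.+)$')
ENV_KEEP = re.compile(r'^Defaults\S*\s+env_keep\s*\+?=\s*"?(?P<vars>[^"]*)"?\s*$')

# Assumed, non-exhaustive watch-list: variables that change where programs load code from.
REVIEW_VARS = {'LD_PRELOAD', 'LD_LIBRARY_PATH', 'PYTHONPATH', 'PERL5LIB'}

# Constructed sample; only the NOPASSWD rule comes from the page.
SAMPLE = '''
Defaults env_reset
Defaults env_keep += "DISPLAY LD_LIBRARY_PATH"
elvanor ALL = (tomcat) NOPASSWD: /usr/bin/gimp-console, /usr/bin/convert
elvanor ALL = /usr/bin/whoami  # password still required
'''

def parse_sudoers(text):
    """Return (rules, kept_vars) parsed from sudoers-style text."""
    rules, kept = [], []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()   # drop comments
        keep = ENV_KEEP.match(line)
        spec = None if line.startswith('Defaults') else SPEC.match(line)
        if keep:
            kept += keep.group('vars').split()
        elif spec:
            rules.append({
                'user': spec.group('user'),
                'hosts': [h.strip() for h in spec.group('hosts').split(',')],
                'runas': spec.group('runas') or 'root',   # sudo's default target user
                'nopasswd': 'NOPASSWD' in re.findall(r'[A-Z_]+', spec.group('tags')),
                'commands': [c.strip() for c in spec.group('cmds').split(',')],
            })
    return rules, kept

def audit(text):
    """List the rules and kept variables a reviewer should look at first."""
    rules, kept = parse_sudoers(text)
    findings = [f"{r['user']} runs {', '.join(r['commands'])} as {r['runas']} without a password"
                for r in rules if r['nopasswd']]
    findings += [f"env_keep passes {v} to commands" for v in kept if v in REVIEW_VARS]
    return findings

if __name__ == '__main__':
    print('\n'.join(audit(SAMPLE)))
```
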